I access two Meraki VPNs from my Windows 10 Pro (10.0.19042 Build 19042) machine:
- One which is not behind a NAT - when I switch this on, I can do git clone [...] or git fetch [...] just fine.
- Second, which is behind a NAT - when I switch that on and run git fetch, I am getting error message: "fatal: unable to access 'https://bitbucket.org/[project]/[project-name].git/': gnutls_handshake() failed: Error in the pull function."
To make the second VPN work, I've executed the following commands in PowerShell:
Set-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Services\PolicyAgent" -Name "AssumeUDPEncapsulationContextOnSendRule" -Type DWORD -Value 2 -Force;
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters" /v AllowL2TPWeakCrypto /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters" /v ProhibitIpSec /t REG_DWORD /d 0 /f
It was also necessary to disable IPv6.
That made the VPN work for Windows, but not for Linux inside WSL2. Any suggestions? Thank you very much!
The problem was in a mismatch between VPN MTU and Linux under WSL2 MTU sizes.
It can be identified via 2 commands:
Windows PowerShell (run as administrator)
netsh interface ipv4 show subinterfaces
Notice the first row - it shows how big MTU is allowed in your VPN.
Linux (inside WSL2) console
ip addr
Notice the row starting 'eth0' - its MTU must match or be lower than the one above.
In my case the MTU in Linux was higher.
Solution
The following command instantly solves the problem:
sudo ip link set dev eth0 mtu 1400
(update MTU value to fit your VPN)
I have put it inside my ~/.bashrc and put /usr/sbin/ip into sudoers NOPASSWD for my account.
Better solution
So far I haven't managed to use any of the standard Linux tools to change MTU on Linux startup inside WSL2 (and hence to avoid putting it into .bashrc).
- rc-local doesn't work under WSL2
- /etc/dhcp/dhcpclient.conf doesn't propagate changes into default interface-mtu nor supersede interface-mtu
- netsh interface ipv4 set subinterface "vEthernet (WSL)" mtu=1400 store=persistent doesn't affect Linux
- /etc/netplan doesn't run inside WSL2

If you find the way, I'd be more than happy to have it here!
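
The two-step MTU comparison from the answer above, written as a script (an added example, not part of the original post). The sample netsh and ip output and the interface name "Office VPN" are constructed, and calling netsh.exe from inside WSL2 assumes Windows interop is enabled.

```shell
#!/bin/sh
# Added example. Sample text and the name "Office VPN" are constructed.

# Print the MTU of the Windows interface named $1; netsh output on stdin.
win_mtu() {
  awk -v want="$1" '
    { sub(/\r$/, "") }                    # netsh.exe output ends lines with CRLF
    $1 ~ /^[0-9]+$/ && NF >= 5 {          # data rows only; skips header and rule
      name = $5
      for (i = 6; i <= NF; i++) name = name " " $i   # names may contain spaces
      if (name == want) { print $1; exit }
    }'
}

# Print the MTU from `ip -o link show dev eth0` output on stdin.
linux_mtu() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit } }'
}

# $1 = VPN MTU, $2 = Linux MTU, $3 = Linux device.
# Prints the command from the answer when the Linux MTU is higher, else "ok".
mtu_fix() {
  for m in "$1" "$2"; do
    case "$m" in
      ''|*[!0-9]*) echo "error: MTU value missing" >&2; return 2 ;;
    esac
  done
  if [ "$2" -gt "$1" ]; then
    echo "sudo ip link set dev $3 mtu $1"
  else
    echo "ok"
  fi
}

NETSH_SAMPLE='   MTU  MediaSenseState   Bytes In  Bytes Out  Interface
------  ---------------  ---------  ---------  -------------
  1400                1      52311      48120  Office VPN
  1500                1    9120044    1733210  vEthernet (WSL)'
IP_SAMPLE='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000'

# On a live system, pipe in `netsh.exe interface ipv4 show subinterfaces`
# and `ip -o link show dev eth0` instead of the samples.
vpn=$(printf '%s\n' "$NETSH_SAMPLE" | win_mtu "Office VPN")
lin=$(printf '%s\n' "$IP_SAMPLE" | linux_mtu)
mtu_fix "$vpn" "$lin" eth0
```

The script only prints the command; it does not change the interface itself.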